LDAP Bind Name setting with Active Directory
I am using a bind name that is a valid user on my Windows Active Directory. The user is in the correct LDAP base. I am still getting an error in Syslog that indicates that it failed to bind due to invalid credentials. What am I doing wrong?
When a Lantronix device binds to Active Directory, it sends the bind name configured in its LDAP settings as the bind DN. Active Directory resolves that DN by the object's common name (the CN, shown in the Name column of Active Directory Users and Computers), not by the user's logon name (sAMAccountName). By default the CN is the user's full name.
For instance, if you create a user named Bob Smith with a logon name of bsmith, the object's name in the Active Directory user list is Bob Smith, not bsmith.
If you use bsmith as the bind name in the LDAP configuration of the Lantronix device, Active Directory looks for an object whose CN is bsmith. Since the object is named Bob Smith, there is no match, and the bind is rejected with an invalid credentials error even though the password is correct.
Two ways to address this are to change the bind name in the LDAP configuration to match the name in the Active Directory listing, or to rename the user object in Active Directory so its name matches the bind name. Either way, the bind name must be the full distinguished name, including the container or organizational unit that holds the account (new users land in the default Users container, cn=Users, unless they are created elsewhere).
If the name is Bob Smith and the account is in the default Users container, the bind name should be something like:
cn=Bob Smith,cn=Users,dc=domain,dc=com
If you rename the Active Directory object to bsmith, the bind name would be something like:
cn=bsmith,cn=Users,dc=domain,dc=com
Replace cn=Users with the OU path if the account lives in an organizational unit (for example ou=Service Accounts,dc=domain,dc=com), and escape any comma in the name with a backslash (cn=Smith\, Bob,cn=Users,dc=domain,dc=com). Active Directory also accepts the user principal name (bsmith@domain.com) as the identity in a simple bind, which sidesteps the naming mismatch provided the device sends the value exactly as entered. Whichever form you use, a simple bind sends the bind password in the clear unless the connection uses LDAPS or StartTLS, so the bind account should be a dedicated, read-only account with no other privileges.
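The lookup described above, worked through in code: given a constructed stand-in for an Active Directory user listing, it derives the bind DN that the directory will actually accept for a logon name, shows that the logon name itself never matches an object's CN, escapes a comma in a "Last, First" style name, and builds an ldapsearch command for checking the resulting DN against a live controller. This is an added example, not Lantronix or Microsoft code; the directory entries, base DN, host name and function names are this example's own assumptions.

```python
"""Derive the bind DN Active Directory expects from a user's logon name,
and show why using the logon name as the CN fails.

Added example; not code from Lantronix or Microsoft. The directory listing,
base DN and host below are constructed, and the function names are assumptions.
"""

# Constructed stand-in for an Active Directory user listing: each entry carries
# the logon name (sAMAccountName), the object's Name (cn) and the relative DN
# of the container or OU that holds it.
DIRECTORY = [
    {"sAMAccountName": "bsmith", "cn": "Bob Smith", "container": "cn=Users"},
    {"sAMAccountName": "jdoe", "cn": "Doe, Jane", "container": "ou=Staff"},
    {"sAMAccountName": "svc-lantronix", "cn": "svc-lantronix",
     "container": "ou=Service Accounts"},  # object renamed to match its logon name
]
BASE_DN = "dc=domain,dc=com"

# Characters that must be backslash-escaped inside an RDN value (RFC 4514).
_SPECIAL = set(',+"\\<>;')


def escape_rdn_value(value: str) -> str:
    """Escape an attribute value for use inside a distinguished name."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in _SPECIAL or (ch == "#" and i == 0):
            out.append("\\" + ch)
        elif ch == " " and (i == 0 or i == last):
            out.append("\\ ")  # leading/trailing spaces are significant only if escaped
        else:
            out.append(ch)
    return "".join(out)


def cn_exists(name: str, directory=DIRECTORY) -> bool:
    """True if some object is *named* `name`. This is the comparison AD makes
    when resolving a bind DN; the logon name plays no part in it."""
    return any(u["cn"].lower() == name.lower() for u in directory)


def bind_dn_for(logon_name: str, directory=DIRECTORY, base_dn=BASE_DN):
    """Return the full bind DN for a logon name, or None if no such user."""
    for user in directory:
        if user["sAMAccountName"].lower() == logon_name.lower():
            return "cn=%s,%s,%s" % (escape_rdn_value(user["cn"]),
                                    user["container"], base_dn)
    return None


def ldapsearch_bind_check(bind_dn: str, host: str, base_dn: str = BASE_DN):
    """Build an OpenLDAP ldapsearch command that tests `bind_dn` against a
    live controller over LDAPS. Run it by hand; -W prompts for the password,
    and a successful base-scope search proves the bind was accepted."""
    return ["ldapsearch", "-H", "ldaps://%s" % host, "-D", bind_dn, "-W",
            "-b", base_dn, "-s", "base", "(objectClass=*)", "objectClass"]


if __name__ == "__main__":
    print("object named bsmith exists:", cn_exists("bsmith"))   # False
    print("bind DN for bsmith:", bind_dn_for("bsmith"))          # cn=Bob Smith,cn=Users,...
    print("bind DN for jdoe:  ", bind_dn_for("jdoe"))            # comma escaped
    print(" ".join(ldapsearch_bind_check(bind_dn_for("bsmith"), "dc1.domain.com")))
```

Paste the printed ldapsearch line into a shell on a host with the OpenLDAP client tools to confirm the DN before entering it in the device; if the command reports invalid credentials with the right password, the DN is wrong, not the account.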
[Originally Published On: 07/15/2009 12:33 PM]